Nearly nine in 10 respondents said they are confident about their cybersecurity posture and are in a position to protect their organization from an impending threat, and another 85 percent said they have changed or plan to change their security policies and procedures in the wake of widespread cyberattacks, which is good, because nearly half believe that their company will experience a major security incident within the next year.

However, you have to wonder if they are truly that confident or if they are exaggerating their security posture and their internal security skills. The report also said this:

Attackers that successfully get onto a network can move laterally if access to information is available. Yet surprisingly only 66 percent of U.S. organizations and 51 percent of EU organizations fully restrict access to sensitive information on a “need-to-know” basis. . . . As shown with the DNC and Equifax breaches, attackers can get onto a network and spend weeks or even months stealing sensitive information before anyone knows they’ve been compromised. Despite these dangers, 8 out of 10 respondents in the EU and the U.S. are confident or very confident that hackers are not currently on their network.

Unfortunately, we don’t know what they base that confidence on, and that could spell disaster if it is falsely placed.

Michael Patterson, CEO of Plixer, told me in an email comment that he sees the results of this survey as good news/bad news:

The good news from this is that these executives are asking their security teams questions relating to preparedness. The bad news from this is IT teams are often fearful to expose weakness. Unless there is a culture of openness and a willingness to invest more time, people, and money, nobody really wants to respond with anything other than “we are prepared.” IT teams are fearful that exposing vulnerabilities will reflect poorly on them. There must be a shift of attitude from the boardroom all the way to the security operations teams acknowledging that prevention is impossible.

To be truly prepared, Patterson added, organizations need to have a well-defined incident response process and access to forensic data from network traffic analytics so that when an incident does occur, organizations are able to quickly understand all of the logistics of the breach and return the company to normal functions as soon as possible.

So to answer my opening question, was the Equifax breach the wake-up call needed? I think the answer is mixed. Yes, security decision makers are forced to look more closely at their security posture, but I think there is still a long way to go to really understand how to best protect the network and data.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba
